Option to protect against xxs?

William_Davison · May 26, 2022, 11:47am

In ColdFusion you could tick in the administrator an option to protect against xxs, that option isn’t in Lucee that I can see. Does it exist?

CloudLinux v7.9.0
Lucee 5.3.7.47
Apache/2.4.53

Zackster · May 26, 2022, 11:51am

it’s not super robust, you still need to use the encodeForHtml etc

William_Davison · May 26, 2022, 1:38pm

Got it thanks

sandersbud4 · May 27, 2022, 12:01pm

Got it @Zackster Thanks…

andreas · May 27, 2022, 2:01pm

And depending on the output you are using and where you are using it, use the respective alternatives like encodeForHTMLAttribute(), encodeForJavascript(), etc. Sometimes you need to use both in combination, like I’ve posted at the end of this stackoverflow answer about escaping output

kenricashe · May 27, 2022, 7:01pm

The acronym for Cross-Site Scripting is XSS which I mention to improve search results for this topic.